[17344] in cryptography@c2.net mail archive


Re: Digital signatures have a big problem with meaning

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Jun 3 10:50:56 2005

X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: lynn@garlic.com, pgut001@cs.auckland.ac.nz
Cc: cryptography@metzdowd.com, dan@geer.org, rsalz@datapower.com
In-Reply-To: <42A06046.6090407@garlic.com>
Date: Sat, 04 Jun 2005 02:18:10 +1200

Anne & Lynn Wheeler <lynn@garlic.com> writes:

>the problem was that xml didn't have a deterministic definition for encoding
>fields.

Yup, see "Why XML Security is Broken",
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this.  Mind
you ASN.1 is little better, there are rules for deterministic encoding, but so
many things get them wrong that experience has shown the only safe way to
handle it is to do an exact bit-for-bit copy from A to B, rather than trying
to re-code at any point.  I've frequently commented that there is only one
workable rule for encoding objects like X.500 DNs, and that's memcpy().

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
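
Added example, not part of the original message or of any code by its author: a sketch of why re-coding a DN breaks anything computed over its bytes, while a byte-for-byte copy does not. The hand-built single-RDN DN, the "Example CA" name, the helper names and the relay that re-emits strings as UTF8String are all assumptions made for illustration.

```python
import hashlib

# ASN.1 universal tags used below
SEQUENCE, SET, OID = 0x30, 0x31, 0x06
PRINTABLE_STRING, UTF8_STRING = 0x13, 0x0C

def tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value, short-form length only (value under 128 bytes)."""
    if len(value) >= 0x80:
        raise ValueError("long-form lengths not needed for this sketch")
    return bytes([tag, len(value)]) + value

def encode_dn(common_name: str, string_tag: int) -> bytes:
    """Encode a single-RDN DN (CN=...) with the chosen string type."""
    cn_oid = tlv(OID, bytes([0x55, 0x04, 0x03]))  # 2.5.4.3 commonName
    atv = tlv(SEQUENCE, cn_oid + tlv(string_tag, common_name.encode("utf-8")))
    return tlv(SEQUENCE, tlv(SET, atv))

def decode_cn(dn: bytes) -> str:
    """Parser for exactly the shape encode_dn emits (not a general decoder)."""
    # Layout: SEQUENCE hdr, SET hdr, SEQUENCE hdr (6 bytes), OID TLV (5 bytes),
    # then string tag at offset 11, length at 12, value from 13.
    return dn[13:13 + dn[12]].decode("utf-8")

def forward_by_copy(dn: bytes) -> bytes:
    """The memcpy() rule: pass the received bytes through untouched."""
    return bytes(dn)

def forward_by_recode(dn: bytes) -> bytes:
    """Hypothetical relay that parses the DN and re-emits it as UTF8String."""
    return encode_dn(decode_cn(dn), UTF8_STRING)

def digest(data: bytes) -> str:
    """Stand-in for the hash a signature over the DN would cover."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample: an issuer that encodes the CN as PrintableString.
ORIGINAL = encode_dn("Example CA", PRINTABLE_STRING)

if __name__ == "__main__":
    for name, fwd in (("copy", forward_by_copy), ("recode", forward_by_recode)):
        out = fwd(ORIGINAL)
        print(f"{name:7} CN={decode_cn(out)!r} bytes={out.hex()} "
              f"digest_matches={digest(out) == digest(ORIGINAL)}")
```

Both outputs are valid encodings that decode to the same name; the re-coded one differs from the original in a single byte (the string tag at offset 11), which is enough to change the digest.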
